5 July 2014

Secure Your Wordpess Sites

// // 5 comments
How to Secure Your Wordpess Sites
Websites are become a powerful venue in the web when it comes to provide information to the public or selling a product or service.Due to its popularity, more people are establishing their own blogs or websites to reach out to millions of people worldwide. 

When it comes to Content Management System or CMS, WordPress is one of the most popular and well-loved among bloggers. In fact now around 8.5% of the websites are powered by WordPress simply because it is easy to install, use and maintain. It also has a lot of available plug-ins which bloggers can use to improve their sites.


 Must Read : Secure Wordpress Login Page

However, establishing your own website comes with a price. Although your sole purpose is to provide relevant information to the public, it can be susceptible to hacking. Therefore, website security should be one of the many things you need to address. So here we're going to share some tips to secure your wordpress power sites.



A Reliable Web Hosting Provider


Your web hosting provider can make a lot of difference when running your website. Keep in mind that no matter how you protect your website, if your host has no security features, it will be difficult to protect your blog. Therefore, go for providers that offer the best security measures and related add-ons to ensure that your website is hacker-free.  



Security Plugins


In securing your blog, WordPress offers a number of security plug-ins you can use either for free or for a fee. Choose among the multifunctional security plug-in or specialized type of plug-ins available. However, choose a security plug-in that corresponds to you and your website’s needs and should not be in conflict with your existing plug-ins.  



Report Suspicious Activities


People always say follow your instinct. If you notice that someone is trying to illegally access your website or your site has been under a hacker’s attack, report immediately. There are several specialized web services available you can contact which deals specifically with hackers or Distributed Denial of Service attack (DDoS) threats. Once reported, these professionals will act on it immediately and can even offer you with website setup assistance. You may also want to inform your readers by posting, if possible, a warning message that your site has been hacked.


Don't Ever Share Passwords


Anything in excess can be harmful. And too much sharing of information can cost you a lot. Remember that access data or passwords are not meant to be shared (that’s the reason why it is in black circles every time you plug it in the password field). Even if you employed the necessary security plug-ins and your web hosting provider have the best security features, if you share your data to other people, your website may be prone to hacking. 

In line with this, make sure that your password should be unique and difficult to guess. Avoid using passwords that can be easily associated to you otherwise, those who know you can use it against you.



Keep Your Site Clean and Organized


Imagine if you keep your room uncluttered – you can easily notice if there are any changes or something is missing. Same goes with your website. If you keep it organized and remove any inactive plug-ins, you can easily notice suspicious activities.


Update Regularly


Google will always need a fresh content. Aside from this, keeping your site updated allows you to notice any suspicious changes made. While the hacker’s mind may be brilliant, employing all the necessary precautions can make a lot of difference to prevent your website from being hacked.


Protect Admin Acess


Should you change the name of the default “admin” user that every WordPress installation starts out with? Sure, you can. It certainly isn’t going to hurt.Just know that it isn’t the pinnacle of security measures. Hackers can find usernames fairly easily from blog posts or elsewhere.More important than disguising the specific admin username is to make sure that every username of your site with administrator access is protected by a strong password. (Yes, I’m referring you back to #1 in this list.),And, if you really want to protect your site, go the extra step of requiring a Yubikey to login. That way, even if someone does have the password to a username with administrator access, he or she cannot login without physically possessing the Yubikey (which is easily used via simple USB insertion when it’s login time).And no, it’s not a hassle. It’s peace of mind.



Guard Against BruteForce Attacks



Remember the stat I cited above? It’s worth citing again: we see between 50K and 180K failed login attempts a day on the sites we host. The site you’re reading right now (Copyblogger in case you’re somehow reading a scraper site) sees 275 unauthorized login attempts … every hour.


Before you pass out at the magnitude of that number, know that you’re far from powerless against these nameless, faceless hack attempts.



  • Your web host should be helping to protect you from brute force attacks. We do. We regularly monitor where failed login attempts are coming from and then lock out the offending IP addresses.
  • Make sure you’ve checked off tips 1, 2, and 3 above.
  • There are programs that can be installed (such as Limit Login Attempts) that will make it much more difficult for brute force techniques to work.


Monitor for Malware



It’s imperative that you have some kind of system in place to constantly monitor your site for malware.


The folks at Sucurty do this as well as anyone, which is why we’ve partnered with them for the server-side scanning that we do for all of our customers.How you monitor is vitally important. Choose a method that can actually dive into your file structure and detect deep breaches, rather than one that just shows you where you’re vulnerable.

 Must Read : Disable Auto-Embeds Wordpress

Hope this tips will help you to make your wordpress powered website secure.If you do know any other tips to secure your wordpress power website then let our viewer know through the comment box below.


Articles You May Like

5 comments: Leave Your Comments

  1. Wordpress do have less security than blogger.Thanks for the tips.

    ReplyDelete
  2. What are some of the free security plugins you suggest to be installed? I also have a plugin to avoid malware.

    ReplyDelete
  3. Been using blogger for my sites but not WordPress. Some are applicable for blogspot too.

    ReplyDelete
  4. Keep our password to ourselves and have routine checks for malware.

    ReplyDelete